Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Gunicorn Improper Neutralization of CRLF Sequences (CRLF Injection) Vulnerability - CVE-2018-1000164 - Vulnerability Database
Gunicorn

Gunicorn Improper Neutralization of CRLF Sequences (CRLF Injection) Vulnerability - CVE-2018-1000164

High
Reference: CVE-2018-1000164
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-1000164
Title: Gunicorn Improper Neutralization of CRLF Sequences (CRLF Injection) Vulnerability
Overview:

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in quotprocess_headersquot function in quotgunicorn/http/wsgi.pyquot that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.